Presently, malware (malicious software) can attack various devices of cyber infrastructure via a communication network. Malware may include any program or file that is harmful to a computer or its user, or otherwise operates without permission, such as bots, computer viruses, worms, Trojan horses, adware, spyware, or any programming that gathers information about a computer user.
Malware may be distributed via a first attack vector, by electronic messages, including email, using such protocols as POP, SMTP, IMAP, and various forms of web-based email. Malicious content may be directly attached to the message (for example as a document capable of exploiting a document reading application, such as a malicious Microsoft Excel document). Additionally, email may contain URLs (Uniform Resource Locators) to malicious content hosted on web servers elsewhere on the network (i.e., via the internet). When email recipients activate such links, they may become infected via a second vector, i.e., web-based attacks. In this way, the attack is multi-phased, with an initial email phase or stage that may appear benign and a second web download phase delivering a malicious package. These techniques for infecting recipient computers initiated via email are often used to make targeted attacks on particular “high-value” users at organizations, such as executives or key technical or operational staff.
Malware may also be distributed over a network via web sites, e.g., servers operating on a network according to an HTTP standard in response to a user navigating to a URL. Malicious network content distributed in this manner may be actively downloaded and/or installed on a user's computer, without the approval or knowledge of the user, simply by accessing the web site hosting the malicious network content. The web site hosting the malicious network content may be referred to as a malicious web site. The malicious network content may be embedded within data associated with web pages hosted by the malicious web site.
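The two delivery vectors described above (a document attached to the message, and a URL pointing at content hosted on a remote web server that forms the second, web-based phase) can be recognised at the message level before any content is opened. The following is an added example, not part of the original text: a small email triage routine built on Python's standard `email` package. It parses a raw MIME message, lists attachments and the URLs found in text parts, and records which of the two stages the message exhibits. The extension list and the sample messages are constructed for illustration; the `.invalid` hostnames are reserved placeholders.

```python
import email
import os
import re
from email import policy

# Constructed list of document types that are commonly opened by a reader
# application and therefore fit the "attached document" vector. Illustrative
# only; a real deployment would derive this from its own policy.
DOCUMENT_EXTENSIONS = {".xls", ".xlsm", ".doc", ".docm", ".rtf", ".pdf"}

# Matches http/https URLs up to the next whitespace or HTML/quote delimiter.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def extract_urls(msg):
    """Collect URLs from every non-attachment text part (plain or HTML)."""
    urls = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text" or part.is_attachment():
            continue
        urls.update(URL_RE.findall(part.get_content()))
    return sorted(urls)


def describe_attachments(msg):
    """Return one record per attachment, flagging document-type files."""
    records = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        records.append({
            "filename": name,
            "content_type": part.get_content_type(),
            "document": ext in DOCUMENT_EXTENSIONS,
        })
    return records


def triage(raw_message):
    """Parse a raw RFC 5322 message and report which delivery stages it shows.

    stages contains "email-attachment" when a document-type file is attached
    and "web-download" when the body carries a URL to remote content, i.e.
    the second phase of the multi-phase attack described in the text.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    urls = extract_urls(msg)
    attachments = describe_attachments(msg)
    stages = []
    if any(a["document"] for a in attachments):
        stages.append("email-attachment")
    if urls:
        stages.append("web-download")
    return {
        "subject": msg["subject"],
        "urls": urls,
        "attachments": attachments,
        "stages": stages,
    }


# Constructed sample: a message carrying both vectors at once.
SUSPECT_EMAIL = b"""\
From: sender@example.invalid
To: exec@example.invalid
Subject: Q3 figures
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please review the updated figures at http://files.example.invalid/q3.xlsm
before the meeting.
--b1
Content-Type: application/vnd.ms-excel; name="q3.xls"
Content-Disposition: attachment; filename="q3.xls"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

# Constructed sample: plain text, no attachment, no URL.
BENIGN_EMAIL = b"""\
From: colleague@example.invalid
To: exec@example.invalid
Subject: Lunch
Content-Type: text/plain; charset="utf-8"

Are you free at noon?
"""

if __name__ == "__main__":
    for raw in (SUSPECT_EMAIL, BENIGN_EMAIL):
        report = triage(raw)
        print(report["subject"], "->", report["stages"] or ["none"])
```

The routine deliberately stops at classification: the point is to surface messages that match the multi-phase pattern (a document-type attachment, a link to remote content, or both) so that they can be routed to deeper inspection of the attachment or the linked content, rather than to judge the content itself.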
An improved system for detecting malware propagated via vectors, such as email and network content, is needed.